How to keep your WordPress and other CMS protected from attacks?

WordPress websites, and websites using other CMSes such as Joomla and Drupal, can be hacked or attacked if clients don't follow the precautions below.

Once a site is compromised, hackers can control your WordPress website to send spam or to place malicious code on visitors' computers to steal passwords.

To avoid this, we recommend that all our clients keep WordPress and other CMSes, along with their plugins and themes, updated at all times.

You can follow the steps below to protect your hosting and CMS from the attacks mentioned above:

1) Avoid installing plugins and themes that are not popular and do not have a 4-5 star rating at WordPress.org (check the number of downloads and the star rating before installing any plugin or theme).

2) Never install paid plugins and themes that are offered for free as nulled copies on untrusted sites. Hackers often insert code into these themes and plugins that they can use to control your WordPress sites and send spam.

3) Always update WordPress and plugins regularly.

4) Use strong passwords for WordPress, cPanel and email accounts, generated with a combination of capital and small letters, numbers and special characters like *, $, #, & etc., and update these passwords regularly. Never save these passwords on your computer if your computer is not protected against malware and viruses. It's best to write the passwords in a notebook or on paper.

5) Use plugins like Wordfence to increase the security of your WordPress.

6) Use Cloudflare to block visitors and IPs with a bad reputation on various blacklists.

7) Use caching plugins on your WordPress website to speed up page loading and increase the performance of your website.

8) Reinstall WordPress, themes and plugins from scratch (by deleting everything and installing again) if our system has notified you about possibly infected files.

9) Constantly check for files on the server that look strange (for example, unusual file names that are not found among the usual WordPress/CMS files, e.g. db11.php, sqlxx.php, and files with full rights on the server, e.g. files with 777 permissions) and for files that have encrypted code in them. You can check these files by sorting files by date. You will often find that recently updated files are the ones infected with malicious code.
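
The checks in step 9 can be run from a shell on the server. The script below is an added example, not a tool supplied by the host: the function names, the 7-day default and the obfuscation pattern are assumptions chosen for illustration, and the core file list is the set of PHP files a stock WordPress install places in its top-level folder.

```shell
#!/usr/bin/env bash
# Added example: triage a WordPress document root for the signs listed in step 9.
# Read-only: it lists candidates for manual review and changes nothing.
# Usage: ./scan.sh /path/to/public_html [days]

# PHP files that a stock WordPress install places in the top-level folder.
CORE_ROOT_PHP="index.php wp-activate.php wp-blog-header.php wp-comments-post.php
wp-config.php wp-config-sample.php wp-cron.php wp-links-opml.php wp-load.php
wp-login.php wp-mail.php wp-settings.php wp-signup.php wp-trackback.php xmlrpc.php"

# Top-level PHP files whose names are not in the core list (e.g. db11.php).
find_unknown_root_php() {
    find "$1" -maxdepth 1 -type f -name '*.php' | while IFS= read -r f; do
        case " $(echo $CORE_ROOT_PHP) " in
            *" $(basename "$f") "*) ;;          # known core file, skip it
            *) printf '%s\n' "$f" ;;            # unknown name, report it
        esac
    done
}

# Files and directories with full rights for everyone (exactly mode 777).
find_mode_777() {
    find "$1" \( -type f -o -type d \) -perm 0777
}

# PHP files changed in the last N days (default 7), newest first.
find_recent_php() {
    find "$1" -type f -name '*.php' -mtime "-${2:-7}" -exec ls -t {} +
}

# PHP files that eval() decoded or decompressed data, a common way of
# hiding injected code. Heuristic only: review every hit by hand.
find_obfuscated_php() {
    find "$1" -type f -name '*.php' -exec grep -lE \
        'eval[[:space:]]*\([[:space:]]*(base64_decode|gzinflate|gzuncompress|str_rot13)[[:space:]]*\(' {} +
}

scan_docroot() {
    echo "== Non-core PHP files in the top-level folder"; find_unknown_root_php "$1"
    echo "== Mode 777 files and directories";             find_mode_777 "$1"
    echo "== PHP files changed in the last ${2:-7} days";  find_recent_php "$1" "${2:-7}"
    echo "== PHP files that eval() encoded data";         find_obfuscated_php "$1"
}

# Run the scan only when a path is given on the command line.
if [ -n "${1:-}" ]; then scan_docroot "$@"; fi
```

A file that appears in more than one section of the output (unknown name, recently changed and obfuscated) is the first one to inspect. Recently updated plugins will also show up as recently changed, so compare the dates with your own update history.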